[jira] [Comment Edited] (SOLR-17901) CVE-2024-21742: vulnerability in apache-mime4j-core 0.8.4 dependency

Fri, 12 Dec 2025 09:13:05 -0800 


    [ 
https://issues.apache.org/jira/browse/SOLR-17901?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18044714#comment-18044714
 ] 

Isabelle Giguere edited comment on SOLR-17901 at 12/12/25 5:12 PM:
-------------------------------------------------------------------

[~epugh], [~janhoy] : So, basically, what needs to be done in 9.x and 10 is 
"the same as" in branch main (11) ?

I can start looking into it.  But I'm confused...
I see https://issues.apache.org/jira/browse/SOLR-13973 just marked a couple of 
classes "@Deprecated" (https://github.com/apache/solr/pull/3669/files)
Then, there's https://issues.apache.org/jira/browse/SOLR-7632, which is closed, 
with 3 pull requests:
* https://github.com/apache/solr/pull/3780 : merged in branch 9.x
* https://github.com/apache/solr/pull/3670 : merged in "main" on Oct 16th 
(whatever "main" was then)

So... What's left?

Note: I just re-subscribed to the dev list, using my own email.  I was 
previously subscribed with my former employer email, so I probably missed some 
discussions in the interval.


was (Author: igiguere):
[~epugh], [~janhoy] : So, basically, what needs to be done in 9.x and 10 is 
"the same as" in branch main (11) ?

I can start looking into it.

Note: I just re-subscribed to the dev list, using my own email.  I was 
previously subscribed with my former employer email, so I probably missed some 
discussions in the interval.

> CVE-2024-21742: vulnerability in apache-mime4j-core 0.8.4 dependency
> --------------------------------------------------------------------
>
>                 Key: SOLR-17901
>                 URL: https://issues.apache.org/jira/browse/SOLR-17901
>             Project: Solr
>          Issue Type: Bug
>    Affects Versions: 9.9.0
>            Reporter: Alexander Veit
>            Priority: Major
>              Labels: security
>
> {{org.apache.james:apache-mime4j-core:0.8.4}} (Apr 2021) which is included in 
> Solr 9.9.0 comes with CVE-2024-21742 (Score 5.3).
> https://nvd.nist.gov/vuln/detail/CVE-2024-21742



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to